A collection of articles and posts pulled from some of our favorite bloggers across the Internet.
Latest From the Web

From the Web
Taken to the Cleaners
January 20, 2010 from: Office of Inadequate Security
Earlier this month, CSO reported on a worldwide recall on several hardware-encrypted USB sticks from multiple vendors because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device. With the quality of security questionable in many USB drives, it would stand to reason that losing any stick carrying sensitive information now carries ...

Security researcher IDs China link in Google hack
January 20, 2010 from: Office of Inadequate Security
The malicious software used to steal information from companies such as Google contains code that links it to China, a security researcher said Tuesday. After examining the back-door Hydraq Trojan used in the hack, SecureWorks researcher Joe Stewart found that it used an unusual algorithm to check for data corruption when it transmits information. The source code for this algorithm, “only se...

Wait, Google - I Thought You Were Evil!
January 12, 2010 from: Rsnake's blog at ha.ckers.org
News is fast hitting about Chinese hacks against Adobe and Google. Very interesting stuff. But beyond the hacks themselves - in Google’s case targeting Chinese political dissidents - is this interesting news:

Seven Technical Security Myths of the Cloud
January 11, 2010 from: AEON Security Blog
CloudSecurity.org [1] staff wrote a document called “Assessing the Security Benefits of Cloud Computing” [2] and within the article they listed the “Seven Technical Security Benefits of the Cloud.” The article was well written and intentioned; however, I decided to place a realistic view on the CloudSecurity’s content and in turn I present the “Seven Technical Se...

Hacking Takes Lead as Top Cause of Data Breaches
January 09, 2010 from: Office of Inadequate Security
Hacking has topped human error as the top cause of reported data breaches for the first time since such tracking began in 2007, according to the Identity Theft Resource Center’s 2009 Breach Report. In its report, titled “Data Breaches: The Insanity Continues,” the non-profit ITRC found that 19.5 percent of reported breaches were due to hacking, with insider theft as th...

All Your Clouds Are Belong to… Not You
January 08, 2010 from: AEON Security Blog
After reading ENISA’s “Benefits, risks and recommendations for information security” [1], I am convinced even more so now than I ever was before, against the cloud. For those unaware of the acronym, ENISA stands for European Network and Information Security Agency. It can be viewed as Europe’s version of the USA’s NIST. Their document is 125 pages, with 71 pages encom...

Heartland in $60 mln settlement agreement with Visa
January 08, 2010 from: Office of Inadequate Security
Heartland Payment Systems Inc (HPY.N) said it reached a $60 million settlement agreement with Visa Inc (V.N), under which it will pay issuers of Visa-branded credit and debit cards for data security breach claims.

Heartland breach shows why compliance is not enough
January 06, 2010 from: Office of Inadequate Security
The [Heartland] intrusion led to the “stark realization that passing a PCI security audit does not make a company secure,” said Avivah Litan, an analyst at research firm Gartner Inc. “This was known well before the breach, but Heartland served as a big pail of ice water thrown on the face of companies complying with PCI,” she said.

Pssst… For A Cup of Coffee, I’ll Say Your Cloud Is Secure
January 05, 2010 from: AEON Security Blog
In an article entitled “Cloud computing is a trap, warns GNU founder Richard Stallman” [1] the context couldn’t have been worded better: “It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign” … “Somebody is saying this is inevitable – and whenever you hear somebody saying that, it’s very likely...

Looking back on 2009
January 03, 2010 from: Office of Inadequate Security
The breach of Heartland Payment Systems grabbed the headlines for much of the year and the entire population of Belize had their birth details stolen when a government employee left a laptop in a car, but what else went on?

Cybercrooks stalk small businesses that bank online
January 03, 2010 from: Office of Inadequate Security
A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.

Internet trading site collective2.com hacked
December 30, 2009 from: Office of Inadequate Security
Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company’s computer database had been breached by a hacker and that all users should log in to change their passwords immediately.

Cloud Security: Want Some Fake Fries With That Vapor Shake?
December 30, 2009 from: AEON Security Blog
Recently I stumbled upon the Cloud Security Alliance’s “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1” [1] and took a quick step back at this statement: Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties. In being fair and logical about my interpret...

Code That Protects Most Cellphone Calls Is Divulged
December 28, 2009 from: Office of Inadequate Security
A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, in what he called an attempt to expose weaknesses in the security of the world’s wireless systems.

Heartland to pay up to $2.4 million to settle cardholder class action suit
December 21, 2009 from: Office of Inadequate Security
Under the terms of the settlement, Heartland says it will pay a minimum of $1 million and up to a maximum of $2.4 million to class members who submit valid claims for losses as a result of the intrusion.

Hacking the US Government Is Cheap – Costwise
December 21, 2009 from: AEON Security Blog
Anyone who follows information security news is probably wondering this week: “What in the hell is up with security in this country”. At least for those of us living in the United States, this should have been the statement of choice.